Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

unable to run combofix due to win32.virut.ce


  • This topic is locked This topic is locked
5 replies to this topic

#1 Kerm007

Kerm007

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 05 May 2009 - 10:05 AM

when i try to run the combofix i m stuck cause it told me that the package is modified due to a win32.virut.ce and the combofix icon on the desktop disapear any idea what i can do ?

Thanks

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:08:45 PM

Posted 05 May 2009 - 11:28 AM

Welcome to BC
This is not the correct forum for Combofix
You should not use it unless under the supervision of a HJT team member

All of this is for naught anyways
You have Virut - The nastiest virus out there
It is recommended that you reformat and do not backup or save anything

At the very least, if you use online banking and such, you need to contact them about being compromised

Edited by garmanma, 05 May 2009 - 05:21 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Kerm007

Kerm007
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 05 May 2009 - 11:39 AM

if reformat is not an option is there a way to use a tool and scan it even 3 or 4 time ?

Thanks

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:08:45 PM

Posted 05 May 2009 - 05:26 PM

is there a way to use a tool and scan it even 3 or 4 time


No, it keeps recreating itself. You can try a HJT log
------------------------------------------




Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:45 PM

Posted 05 May 2009 - 05:47 PM

Ok Folks heres the news that you really dont want to be hearing if a system is infected with the recent evo's of Virut PE infector then no software will be able to clean it sucessfully if run from the infected system.

In short there is no quick 1 hit recovery from Virut...if any one claims to do this then they are misleading you.
Please bear in mind just because the AV's know the signature of a Virus it does not equate automatically to them being able to remove it from an active infection.
These most recent PE infectors are really driving that point home but some of you will have been experiencing this first hand sad.gif


Right can the most recent Virut strains be removed,yes is the answer but inorder to achieve this then the amount of time and effort+tools that will need to be invested then it would be better to reformat and reinstall the computer from scratch.
This is my standard advice to anyone who is wrestling with a Virut infection currently.... full blooded R&R time!!!

That said some will still want to know how it can be done so here comes the current working solution and short explaination for actions.

You need either a live CD such as BartPE/Ultimate Boot to boot from or a 2nd pc to slave the infected pc to.
If you have niether then it's a no go folks.Virut will reinstall as quick as you can eradicate it when attempting removal from within the same OS.

When you have your 2nd enviroment to work from available.Run Dr Web Cure-IT(updated to most recent database).

You will need Cure-IT to scan every last thing on the infected PC so you will have to configure it to do so because running by default settings it will only run a quick scan(limited coverage).

Every last PE file will need to be disinfected so full scan is the only option!

Once this has been encomplished you will need to run an OS repair install to get OS integrity restored.

And the final bits of TLC,all installed software will need to be uninstalled and then reinstalled inorder to restore total software integrity.

This is an absolutely massive amount of work to be done there folks unfortunetly but it is possible.....but seriously tho reformat and reinstall is so much quicker!


Here's how to cure a virut/ce infection

Format is always an option
Chewy

No. Try not. Do... or do not. There is no try.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:45 PM

Posted 06 May 2009 - 08:55 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/224816/win32virutce-hijack-log-and-combo-fix-failed-to-run/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users